(from Robert Portvliet)

Here's a list of some (SQL Injection) resources I had put together; a good portion of it is probably covered in the Phoenix OWASP list, but here it is anyway:

Vulnerable WebApps:
- GOAT
- MOTH
- Damn Vulnerable Web App
- Mutillidae
- Hackme Bank
- Hackme Travel
- Hackme Shipping
- Hackme Casino

Videos & webcasts:
- OWASP Appsec NYC 2008
- Caught in the web series
- Invasion of the browser snatchers series
- Advanced SQL injection
- Websec 101
- Hackme Bank & Hackme Travel videos

Tools:
- Samurai Web Testing Framework (Live CD which contains most tools needed to perform web assessment)

Methodologies:
- OWASP Testing Guide

Cheat Sheets:
- SQL Injection Cheat Sheet
- SQL Injection Cheat Sheet
- SQL Injection Cheat Sheet w/ filter evasion
- SQL Injection Cheat Sheets sorted by DB
- XSS Cheat Sheet w/ filter evasion
- Web App Assessment Cheat Sheet

Books:
- Web Application Hackers Handbook

Whitepapers & slides:
- OWASP article on Web application penetration testing
- Advanced SQL injection
- Best of web application penetration testing tools

(The next two papers are a little old, but still quite useful)
- Advanced SQL Injection in SQL Server
- (More) Advanced SQL Injection in SQL server